View Full Version : SB doesn't remove "Somoto.BetterInstaller"
Adriano Cruz
2013-10-03, 21:09
Spybot has found "Somoto.BetterInstaller" malware in my PC. Then, after it has been fixed by SB, it is detected in the next scan again.
I would like to know how to remove definitely this threat from my PC.
The software from Somoto is already uninstalled but this malware is identified as a registry key type by SB.
Hi and Welcome!! Adriano Cruz :)
My name is Robybel.
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
Having said that....Let's get going!! ;)
==============================
Scan with OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.
=============================== Next =======================================
Please download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Allow it to update where necessary
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
On your next reply please post :
OTL.txt
Extras.txt
aswMBR log
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
Adriano Cruz
2013-10-04, 23:32
Hi Robybel!
I appreciate your help and attention!!!!
Below is the archive OTL.txt. In future posts, I will send the others archives.
OTL logfile created on: 04/10/2013 16:54:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS
Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Arquivos de Programas\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe ()
PRC - C:\Arquivos de Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Arquivos de Programas\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPService.exe (Abine Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
PRC - C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
========== Modules (No Company Name) ==========
MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll ()
MOD - C:\Arquivos de Programas\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll ()
MOD - C:\Arquivos de Programas\AVG Secure Search\vprot.exe ()
MOD - C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Arquivos de Programas\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPButton.dll ()
MOD - C:\Arquivos de Programas\IZArc\IZArcCM.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (vToolbarUpdater17.0.12) -- C:\Arquivos de Programas\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe (GAS Tecnologia)
SRV - (AVGIDSAgent) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Arquivos de Programas\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (TVICHW32) -- File not found
DRV - (BootDefragDriver) -- System32\drivers\BootDefragDriver.sys File not found
DRV - (NdisrdMP) -- C:\Windows\System32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
DRV - (Ndisrd) -- C:\Windows\System32\drivers\GbpNdisrd.sys (GbPlugin NDIS Device Driver)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (GbpKm) -- C:\Windows\System32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc)
DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {96E5BEB0-9B21-4A0F-9ACE-870255201492}
IE - HKLM\..\SearchScopes\{96E5BEB0-9B21-4A0F-9ACE-870255201492}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=MAPT&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://positivo.br.msn.comhttp:// [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 0F 96 0A CD A2 CA 01 [binary data]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes,DefaultScope = {4869887B-18B6-4360-A362-D83D7786FC3A}
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes\{4869887B-18B6-4360-A362-D83D7786FC3A}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.11.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&pr=fr&d=2013-05-14 14:58:13&pid=avg&sg=0&v=15.3.0.11&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.1.12 [2013/10/02 15:39:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013/09/09 15:45:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
[2010/01/31 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Extensions
[2013/09/29 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions
[2013/05/28 20:13:13 | 000,000,000 | ---D | M] (Guardiao Itau Unibanco) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2013/07/12 15:33:10 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\donottrackplus@abine.com
[2013/09/27 15:35:12 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\idme@abine.com
[2013/07/23 19:25:34 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013/07/30 21:03:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2013/10/01 14:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/10/01 14:35:57 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/09 15:45:56 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\ANAEANO\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
[2013/02/12 01:33:44 | 001,904,472 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2013/05/20 21:40:17 | 000,003,717 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O1 HOSTS File: ([2013/10/03 15:20:13 | 000,449,438 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15429 more lines...
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (Do Not Track Me) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Arquivos de Programas\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDFPrint] C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Do Not Track Me (c) Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Arquivos de Programas\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EB143E-8F5A-41A7-B3A9-2827929C5192}: DhcpNameServer = 200.204.0.10 200.204.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de Programas\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/02 21:49:08 | 000,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/10/04 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\aswMBR
[2013/10/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\OTL
[2013/10/01 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/29 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\anaeano\dwhelper
[2013/09/29 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\anaeano\Local Settings
[2013/09/26 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/26 12:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/26 12:02:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/26 12:02:39 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/25 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/25 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/25 17:31:42 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/09/25 17:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/23 20:21:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/09/20 17:25:19 | 000,000,000 | ---D | C] -- C:\Users\anaeano\AppData\Roaming\vlc
[2013/09/13 21:28:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/13 21:28:20 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/13 21:28:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/13 21:28:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/13 21:28:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/13 21:28:18 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/13 21:28:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/13 21:28:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/13 21:28:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/13 21:28:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/13 13:54:56 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/13 13:54:55 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/13 13:54:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/13 13:54:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/13 13:54:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 13:54:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 13:54:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 13:54:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 13:54:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 13:54:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 13:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
========== Files - Modified Within 30 Days ==========
[2013/10/04 16:33:14 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/04 16:22:31 | 000,673,162 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/10/04 16:22:31 | 000,624,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/04 16:22:31 | 000,131,290 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/10/04 16:22:31 | 000,109,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/04 16:22:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/04 10:33:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 10:33:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/04 10:25:39 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/10/04 10:25:27 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
[2013/10/04 10:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/04 10:25:16 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/03 15:20:13 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/03 14:54:04 | 000,102,682 | ---- | M] () -- C:\Users\anaeano\Desktop\Sanessol201309.pdf
[2013/10/02 15:39:55 | 000,003,729 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/09/30 09:44:54 | 000,368,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/27 16:11:15 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131003-152013.backup
[2013/09/26 12:02:31 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/26 12:02:30 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/09/26 12:02:30 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/09/26 12:02:30 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/25 18:01:09 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130927-161115.backup
[2013/09/20 16:33:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/20 16:33:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/16 19:31:21 | 000,012,288 | ---- | M] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
========== Files Created - No Company Name ==========
[2013/10/03 14:54:40 | 000,102,682 | ---- | C] () -- C:\Users\anaeano\Desktop\Sanessol201309.pdf
[2013/09/30 09:44:37 | 000,368,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/25 17:31:50 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/10 16:35:18 | 000,720,082 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.exe
[2013/06/26 19:43:41 | 000,003,729 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/25 22:06:50 | 000,029,020 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.dat
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.jpg
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.C
[2013/03/29 18:31:01 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2011/07/18 07:02:51 | 000,000,000 | ---- | C] () -- C:\Users\anaeano\AppData\Local\{1AE04D38-2B6D-464E-AEBE-CE14B7E98C7D}
[2011/03/12 16:20:14 | 000,012,288 | ---- | C] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 21:51:19 | 000,000,600 | ---- | C] () -- C:\Users\anaeano\PUTTY.RND
[2010/03/26 13:27:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/31 21:30:24 | 000,007,597 | ---- | C] () -- C:\Users\anaeano\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/07/04 16:03:46 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\Autodesk
[2012/12/20 10:16:17 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\AVG2013
[2013/10/01 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\DiskDefrag
[2013/07/07 21:11:34 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\GlarySoft
[2010/05/09 21:38:10 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\Hide IP NG
[2013/07/06 20:52:25 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\IrfanView
[2012/12/20 10:13:56 | 000,000,000 | ---D | M] -- C:\Users\anaeano\AppData\Roaming\TuneUp Software
[2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/10 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\Usuário Padrão\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 02:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 09:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 09:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200AAJS-00B4A0 ATA Device
Partitions: 2
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Multi Flash Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Seagate FreeAgent Go USB Device
Partitions: 1
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 10,00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 288,00GB
Starting Offset: 10486808576
Hidden sectors: 0
DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 233,00GB
Starting Offset: 32256
Hidden sectors: 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:19C2A9A4_Bb.gbp
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 110 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
< End of report >
Adriano Cruz
2013-10-04, 23:33
OTL Extras logfile created on: 04/10/2013 16:54:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,80% Memory free
3,98 Gb Paging File | 2,46 Gb Available in Paging File | 61,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 245,12 Gb Free Space | 85,02% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 89,66 Gb Free Space | 38,50% Space Free | Partition Type: NTFS
Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012E8031-7144-46A4-B049-AB3B3FDC3CFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{04A9D2B6-C854-4B07-9883-6DE9BB6AAB26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1126F98D-0964-482B-97E9-7F3C401C7DC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{15AD5EFC-EFB6-4D40-83F0-3D99E1A44A82}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CA10901-46BB-49E0-B8A4-86B8CB7A0EC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{746A0C57-0C83-4D67-B11C-7A86694C4785}" = lport=138 | protocol=17 | dir=in | app=system |
"{8471C675-6DC8-4AA5-A416-501B8A741486}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E012FD6-DC6B-4D25-AB44-57029A62C8A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EE2C044-2AD6-4019-93A6-08D0B79D99D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE96FB60-8FCE-4D0B-A356-D884DD4FDFA4}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE75854B-B99A-4D55-B3A6-C781EB156C23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C14D3FCD-E7F2-4253-83BA-0A57373E5A52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA8BA78E-AA3A-4A1E-9534-9DCC02C98F6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCEB6C29-D344-46CA-A0EC-66D18652E722}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDC8757C-5B69-4B57-8600-281274B3FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FCBEA455-58C3-41BC-8B53-8C9797937ABC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AC1207-CDEB-46F0-9E10-AF556C2E60F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1728057D-4C61-4E9F-A259-0A809CAB0A3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{1C8DFE47-8A42-4FFF-AEAF-7F9374CAADDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25BA88ED-995E-4034-9E73-14C50C9F5C23}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{27DCA6D6-7D07-4956-B21E-33ED3CA9C295}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{347E3C2C-9995-4541-A5C7-5A0E830990AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{355C16FA-7BA7-42DA-A1E8-1D8DD4B82A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4190BE0A-68D2-45C0-8A03-4F03D2A17CB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{43F20C69-B04A-47A2-BA22-CFDC8F8515F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49C031E9-89C7-4C66-AB86-3D7755763E5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{64825EA7-6ADE-4B88-9B4B-4ABA8F268696}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{68448CBC-3D7C-473C-9119-D919E10D3624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89AA7339-F6F0-4DC0-BFAC-798B85EA6C3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98DE85DB-B481-452D-864E-47028D0A9FB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{AE8C3F42-994D-47F2-9CE0-C02AD814279E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BC9A260A-887A-4D38-AA5F-7194F719C267}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{BCA2B3A9-8050-4E02-94EB-00A0AD58D2C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{CB66A313-251B-4315-A202-46A1660FE26F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE8F6EF6-5872-4D1F-8143-5105DD1CBBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{DD6FD93E-94F9-4585-A1AA-25A8DE148CBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{DD8414ED-3FEE-4314-9055-A5DACB3D12FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E18D9D3B-67AE-4400-A719-26BE64A29928}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{E338D381-D763-4CB7-8ED2-9D9996423FC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ED0DC637-B8AE-4C3B-8369-574BAD74FE68}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"TCP Query User{10CEAFE8-652E-4B3A-8DC8-B929CC06FED0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{56095BFA-9EDD-4741-A187-34CA9B851705}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EC243B45-7D2C-43F8-B988-74487D13BAAA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F4F02E18-43B5-4CBA-B0DF-01BFE10F4408}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5B86A2B9-BFC0-4B6C-92BC-2CBBEED432D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{9C347BD5-AD13-4294-983F-298F8AAAAAB0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{CF28B3A2-0D24-40CA-A63E-9D9DDA21DB9D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D194D660-96A3-41E9-BE59-46901FF60814}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = GBBD Banco do Brasil
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5df13c1b-bef1-4e1d-b581-44ea38f0e276}_is1" = SysTools Outlook PST Viewer v2.0
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90300416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}" = Document Express DjVu Plug-in
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"A Bíblia Sagrada Versão Digital 6.7 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.7 Freeware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"MEPOR" = DIC Michaelis Escolar - Espanhol
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5b0e7647ff8fae74" = IBA Reader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16/12/2012 16:21:02 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 16/12/2012 17:00:16 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
Description =
Error - 16/12/2012 17:55:18 | Computer Name = anaeano-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Explorer.exe, versão: 6.1.7601.17567,
carimbo de hora: 0x4d6727a7 Nome do módulo de falhas: MSONSEXT.DLL, versão: 10.145.7329.0,
carimbo de hora: 0x4019138d Código de exceção: 0xc0000005 Deslocamento com falha:
0x0004f8b5 Identificação do processo com falha: 0xd98 Hora de início do aplicativo
com falha: 0x01cddbd65c39c207 Caminho do aplicativo com falha: C:\Windows\Explorer.exe
FCaminho
do módulo de falhas: C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL Identificação
do Relatório: 473b17eb-47cb-11e2-b69c-002618ab3c41
Error - 17/12/2012 16:07:30 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 18/12/2012 16:39:12 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 19/12/2012 16:36:59 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 20/12/2012 10:35:20 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 21/12/2012 11:11:57 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 22/12/2012 15:41:40 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
Error - 24/12/2012 13:05:34 | Computer Name = anaeano-PC | Source = Windows Backup | ID = 4103
Description =
[ System Events ]
Error - 02/10/2013 18:17:39 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
Error - 02/10/2013 18:17:59 | Computer Name = anaeano-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = O serviço Auxiliar de Compatibilidade de Programas não pôde executar
a inicialização da fase dois.
Error - 02/10/2013 20:37:30 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5
Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.
Error - 03/10/2013 13:45:27 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053
Error - 03/10/2013 13:45:33 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
Error - 03/10/2013 20:04:40 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5
Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.
Error - 04/10/2013 09:25:59 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053
Error - 04/10/2013 09:26:08 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
< End of report >
Adriano Cruz
2013-10-05, 00:24
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-04 17:37:47
-----------------------------
17:37:47.077 OS Version: Windows 6.1.7601 Service Pack 1
17:37:47.077 Number of processors: 2 586 0x170A
17:37:47.079 ComputerName: ANAEANO-PC UserName: anaeano
17:37:47.763 Initialize success
17:52:24.522 AVAST engine defs: 13100401
17:52:33.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:52:33.704 Disk 0 Vendor: WDC_WD3200AAJS-00B4A0 01.03A01 Size: 305245MB BusType: 3
17:52:33.810 Disk 0 MBR read successfully
17:52:33.815 Disk 0 MBR scan
17:52:33.828 Disk 0 Windows 7 default MBR code
17:52:33.834 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 10000 MB offset 2048
17:52:33.861 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295243 MB offset 20482048
17:52:33.877 Disk 0 scanning sectors +625139712
17:52:33.966 Disk 0 scanning C:\Windows\system32\drivers
17:52:50.178 Service scanning
17:52:58.163 Service GbpKm C:\Windows\system32\drivers\gbpkm.sys **LOCKED** 32
17:53:20.384 Modules scanning
17:53:25.358 Disk 0 trace - called modules:
17:53:25.376 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
17:53:25.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a32030]
17:53:25.386 3 CLASSPNP.SYS[88fb159e] -> nt!IofCallDriver -> [0x8595a7e0]
17:53:25.391 5 ACPI.sys[88aab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8594d338]
17:53:26.206 AVAST engine scan C:\Windows
17:53:29.549 AVAST engine scan C:\Windows\system32
17:59:27.509 AVAST engine scan C:\Windows\system32\drivers
17:59:52.500 AVAST engine scan C:\Users\anaeano
18:03:28.212 AVAST engine scan C:\ProgramData
18:04:40.973 Scan finished successfully
18:20:40.404 Disk 0 MBR has been saved successfully to "C:\Program Files\aswMBR\MBR.dat"
18:20:40.411 The log file has been saved successfully to "C:\Program Files\aswMBR\aswMBR.txt"
Hi Adriano Cruz
Good job
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next
http://i.imgur.com/81mYIKe.jpg AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Next
http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Next
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.
On your next reply please post :
checkup.txt
AdwCleaner[R0].txt
JRT.txt
All RKreport.txt
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
Adriano Cruz
2013-10-07, 22:58
Robybell,
Here goes the requested files.
Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java 7 Update 40
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Adriano Cruz
2013-10-07, 23:06
I didn't click on the cleaning\delete button after the scan.
The softwares configurations I would like to keep is:
- AVG
- Internet Explorer
- Mozilla Firefox
# AdwCleaner v3.006 - Relatório criado 07/10/2013 às 16:27:37
# Atualizado 01/10/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : anaeano - ANAEANO-PC
# Executando de : C:\Program Files\Adwcleaner\AdwCleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Pasta Encontrado C:\Program Files\AVG Secure Search
Pasta Encontrado C:\Program Files\Common Files\AVG Secure Search
Pasta Encontrado C:\ProgramData\AVG Secure Search
Pasta Encontrado C:\ProgramData\boost_interprocess
Pasta Encontrado C:\Users\anaeano\AppData\Local\AVG Secure Search
Pasta Encontrado C:\Users\anaeano\AppData\LocalLow\AVG Secure Search
Pasta Encontrado C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\jetpack
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\AVG Secure Search
Chave Encontrada : HKCU\Software\BI
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\YahooPartnerToolbar
Chave Encontrada : HKLM\Software\AVG Secure Search
Chave Encontrada : HKLM\Software\AVG Security Toolbar
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Encontrada : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Chave Encontrada : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Encontrada : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Encontrada : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v24.0 (pt-BR)
[ Arquivo : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\prefs.js ]
Linha encontrada : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.0.14");
Linha encontrada : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&pr=fr[...]
*************************
AdwCleaner[R0].txt - [7196 octets] - [07/10/2013 16:27:37]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7256 octets] ##########
Adriano Cruz
2013-10-07, 23:09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Starter x86
Ran by anaeano on 07/10/2013 at 16:35:40,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_barcapture_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{031559F6-88B1-46FA-83A8-9901AE84933C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{03A8C0D7-3246-4186-89F9-7CB4B87962D0}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{04D7AFA4-DAD8-48EB-BE3C-52A12DB15875}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{12329A2A-05E4-44D3-A005-BD1F41B517B0}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{18054F79-DEE3-42E3-9102-727959DA0558}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{18D02EC4-FD7E-4B52-B742-FA93C86A7200}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{1DF0D558-3CDE-471F-9DA3-9C685500C2F8}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{1FE87E6A-99E5-4BAC-8ABE-477A38F377E8}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{2D19DBFC-F96D-46E7-BC82-B3C75E78BBD7}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{303BD25C-51D0-4714-8E5F-05252979B473}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{30DCC627-19E0-4593-940C-7A68667A9C9A}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{32C1BA2B-E6E8-4681-B81D-53325B331040}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{39FE50C8-74F1-42C7-ABB7-1C6060235DE0}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{53B372C2-962B-432D-8C4A-89AA393C9455}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{554A827C-12D7-457D-91C7-D52DEB0CDC2A}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{5A51A726-12E1-4496-8AC2-73CADF5E315D}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{5BCE3297-D65B-4D2B-ADBD-AB8E8D346F0C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{60CBEB59-D43E-4E64-B5FF-44B0E6CF3572}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{654F156A-EFE5-460F-8C8B-E51F2CA22CB3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{65F0103B-4352-492F-AEF8-18001E08E9C1}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6ABA4C57-0DE3-410E-9EE9-8089643CA6BB}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6AEC1C52-C729-41B6-B164-6A88AA3778F3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{6DC649FB-91A6-4964-9AF2-8FF11D2FC323}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{788E8F0F-14D0-4330-83AB-50AD4B758645}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{7D03AC96-11D3-4D3E-9E1C-9B7BF890F14A}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8561B2B7-C0B2-48B1-8C37-6AF83BF7505F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8696A651-6D39-46C9-BE9C-BF7F2BCD3DD2}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8F994AAC-E2F6-4F0C-BE31-6EE2D43B9A74}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{8FF34E29-732F-482A-AD3A-459F9CD12065}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{907F07C6-B720-4FEA-A12B-AC1E94B6B39F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{91DE90D0-5FD6-4A6B-ADD7-BDB7429794C6}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{A9FC49CB-B88A-440C-ACBA-91AC3994B00C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{BD2B4D78-F098-4EBC-B9B1-BF289775CF74}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{C14999AF-D8A2-4B98-9BCE-A29E138DC6F3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{C6A3A253-7FFC-435F-8145-9253EAEF55E9}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CDE37E5F-D09D-444B-9FD5-BD9503200E5D}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CF8687CB-BFC1-41C2-9540-BC83C35A492C}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{CFD46C27-5419-4834-A55A-20EFF49EA39D}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{D6D95AE4-1663-45E3-A1F5-9F57B07A0C65}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DA9482D1-C580-4F9B-B087-20C484336043}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DCA8DE6B-C842-45C5-940C-669B753A3AA8}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{DE4CB351-22CC-4EBC-84A1-EFDA0044FDB3}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E3D34EAF-5525-4B40-AF6F-5185B6A64847}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E64CB22B-716A-49A0-9030-FA35F288414F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{E8AFA693-A12A-450F-BB01-E464E1A2118F}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{EDD9F07C-18AD-4B15-8D6F-643865BF4BBF}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{F7BFC302-04CA-4C9D-8779-46CE88B6485E}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{F9383060-5475-4F05-9487-9E8DE4CFE778}
Successfully deleted: [Empty Folder] C:\Users\anaeano\appdata\local\{FF204A29-A7AA-41B2-AFBF-DD3365360E1A}
~~~ FireFox
Successfully deleted the following from C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\prefs.js
user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F3DD3E25-2060-41CB-9696-49ACCD9DFF77}&mid=b1d1872d123f47d6b732d16f5e4fd5b2-ad1491be2ce6c122f6b66faa90e70c2decf7d34
Emptied folder: C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\minidumps [36 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/10/2013 at 16:37:19,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adriano Cruz
2013-10-07, 23:10
RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : anaeano [Privilegios de Admnistrador]
Modo : Remover -- Data : 10/07/2013 16:52:39
| ARK || FAK || MBR |
¤¤¤ Entradas ruins : 0 ¤¤¤
¤¤¤ Entradas do Registro : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETADO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)
¤¤¤ As tarefas agendadas : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETADO
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> DELETADO
¤¤¤ entradas de inicialização : 0 ¤¤¤
¤¤¤ Os navegadores da Web : 0 ¤¤¤
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
¤¤¤ Driver : [Carregado] ¤¤¤
[Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFF3F8A75)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@ScrollViewer@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8576)
[Inline] EAT @explorer.exe (RegCreateKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759240FE)
[Inline] EAT @explorer.exe (RegEnumKeyW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592445B)
[Inline] EAT @explorer.exe (RegOpenKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592468D)
[Inline] EAT @explorer.exe (RegQueryValueExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759246AD)
[Inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7513DF8D)
¤¤¤ Hives externas: ¤¤¤
¤¤¤ Infecção : ¤¤¤
¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Unidades de disco padrão) - WDC WD3200AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] a3c0de2d82b0627ed1d91fd1074efef4
[BSP] 081e1d9b6ef823f10f987314a2fbb8ab : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 295243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Concluido : << RKreport[0]_D_10072013_165239.txt >>
RKreport[0]_S_10072013_165157.txt
Adriano Cruz
2013-10-07, 23:11
RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : anaeano [Privilegios de Admnistrador]
Modo : Atalhos HJfix -- Data : 10/07/2013 16:53:15
| ARK || FAK || MBR |
¤¤¤ Entradas ruins : 0 ¤¤¤
¤¤¤ Driver : [Carregado] ¤¤¤
¤¤¤ Hives externas: ¤¤¤
¤¤¤ Atributos de arquivos restaurados: ¤¤¤
Área de trabalho: Success 0 / Fail 0
Barra de inicialização rapida: Success 0 / Fail 0
Programas: Success 0 / Fail 0
Menu Iniciar: Success 0 / Fail 0
Pasta do Usuario: Success 10 / Fail 0
Meus Documentos: Success 1 / Fail 1
Meus Favoritos: Success 0 / Fail 0
Minhas Imagens: Success 0 / Fail 0
Minhas Musicas: Success 0 / Fail 0
Meus Videos: Success 0 / Fail 0
Unidade Local: Success 11 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x2 --> Restored
¤¤¤ Infecção : ¤¤¤
Concluido : << RKreport[0]_SC_10072013_165315.txt >>
RKreport[0]_D_10072013_165239.txt;RKreport[0]_S_10072013_165157.txt
Adriano Cruz
2013-10-07, 23:22
Robybell,
What are host archives? I don't remember I have used anyone of that links listed by OTL and JRT...
I wait your instructions for the next steps.
Adriano.
Adriano Cruz
2013-10-07, 23:48
RogueKiller V8.7.1 [Oct 3 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Site : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : anaeano [Privilegios de Admnistrador]
Modo : Verificar -- Data : 10/07/2013 16:51:57
| ARK || FAK || MBR |
¤¤¤ Entradas ruins : 0 ¤¤¤
¤¤¤ Entradas do Registro : 5 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> ENCONTRADO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> ENCONTRADO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ENCONTRADO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO
¤¤¤ As tarefas agendadas : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ENCONTRADO
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> ENCONTRADO
¤¤¤ entradas de inicialização : 0 ¤¤¤
¤¤¤ Os navegadores da Web : 0 ¤¤¤
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
¤¤¤ Driver : [Carregado] ¤¤¤
[Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFF3F8A75)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8A92)
[Inline] EAT @explorer.exe (?s_pClassInfo@ScrollViewer@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6F3F8576)
[Inline] EAT @explorer.exe (RegCreateKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759240FE)
[Inline] EAT @explorer.exe (RegEnumKeyW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592445B)
[Inline] EAT @explorer.exe (RegOpenKeyExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x7592468D)
[Inline] EAT @explorer.exe (RegQueryValueExW) : pkmws.dll -> HOOKED (C:\Windows\system32\ADVAPI32.dll @ 0x759246AD)
[Inline] EAT @explorer.exe (RegisterClipboardFormatW) : pkmws.dll -> HOOKED (C:\Windows\system32\USER32.dll @ 0x7513DF8D)
¤¤¤ Hives externas: ¤¤¤
¤¤¤ Infecção : ¤¤¤
¤¤¤ Arquivo de Hosts: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Unidades de disco padrão) - WDC WD3200AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] a3c0de2d82b0627ed1d91fd1074efef4
[BSP] 081e1d9b6ef823f10f987314a2fbb8ab : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 295243 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Concluido : << RKreport[0]_S_10072013_165157.txt >>
Adriano Cruz
2013-10-08, 16:15
Robybell,
Do not bother replying my question about host file.
I did a research and found out what it is.
My AVG detected RK as a threat and it was needed to deactived AVG to run RK properly.
About the dates RK transfers by itself to the its software owner, may I stay peaceful?
Dakeyras
2013-10-08, 23:08
Hi. :)
Robybel is currently unavailable and I will be assisting you for the time being...
Please acknowledge this post and then we will go from there, thank you.
Adriano Cruz
2013-10-08, 23:45
Hi Dakeyras!
We can go on!
Dakeyras
2013-10-09, 00:22
Hi. :)
We can go on!
Acknowledged.
Going back to some questions you raised...
My AVG detected RK as a threat and it was needed to deactived AVG to run RK properly.
Not a problem and at times any security software you have installed(in this case AVG 2013) may give warnings for some of the tools you may be asked to download/use. Be assured, any advised are absolutely safe to download etc...
About the dates RK transfers by itself to the its software owner, may I stay peaceful?
Yes you can, lets proceed as follows shall we...
Re-scan with AdwCleaner:
Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt
Re-scan with OTL:
Right-click on OTL.exe and select Run as Administrator to start OTL.
Under Output, ensure that Standard Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Then click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these two Notepad files in your next reply.
Next:
When completed the above, please post back the following in the order asked for:
How is your computer performing now, any further symptoms and or problems encountered ?
AdwCleaner Log.
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
Adriano Cruz
2013-10-09, 17:32
# AdwCleaner v3.007 - Relatório criado 09/10/2013 às 11:19:23
# Atualizado 09/10/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : anaeano - ANAEANO-PC
# Executando de : C:\AdwCleaner\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\AVG Secure Search
Pasta Deletada : C:\Program Files\AVG Secure Search
Pasta Deletada : C:\Program Files\Common Files\AVG Secure Search
Pasta Deletada : C:\Users\anaeano\AppData\Local\AVG Secure Search
Pasta Deletada : C:\Users\anaeano\AppData\LocalLow\AVG Secure Search
Pasta Deletada : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\jetpack
Arquivo Deletada : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Chave Deletedo : HKCU\Software\AVG Secure Search
Chave Deletedo : HKLM\Software\AVG Secure Search
Chave Deletedo : HKLM\Software\AVG Security Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v24.0 (pt-BR)
[ Arquivo : C:\Users\anaeano\AppData\Roaming\Mozilla\Firefox\Profiles\rz6dwnof.default\prefs.js ]
Linha deletada : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.0.14");
*************************
AdwCleaner[R0].txt - [7336 octets] - [07/10/2013 16:27:37]
AdwCleaner[R1].txt - [4135 octets] - [09/10/2013 11:15:29]
AdwCleaner[S0].txt - [3995 octets] - [09/10/2013 11:19:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4055 octets] ##########
Adriano Cruz
2013-10-09, 17:42
OTL logfile created on: 09/10/2013 11:35:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,34% Memory free
3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 243,98 Gb Free Space | 84,62% Space Free | Partition Type: NTFS
Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/04 16:31:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Arquivos de Programas\OTL\OTL.exe
PRC - [2013/10/01 14:35:57 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/10 12:08:18 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Arquivos de Programas\PDF24\pdf24.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de Programas\AVG\AVG2013\avgemcx.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2009/12/10 01:51:18 | 000,115,888 | ---- | M] (Oceanis) -- C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/01 14:35:56 | 003,279,768 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/10/01 14:35:57 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/15 11:23:42 | 000,409,640 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de Programas\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 07:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Arquivos de Programas\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TVICHW32)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (NdisrdMP)
DRV - [2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GbpNdisrd.sys -- (Ndisrd)
DRV - [2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/05/08 09:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/02 04:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010/09/02 04:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010/03/26 16:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/11/12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{96E5BEB0-9B21-4A0F-9ACE-870255201492}: "URL" = http://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=MAPT&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://positivo.br.msn.comhttp:// [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 0F 96 0A CD A2 CA 01 [binary data]
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..\SearchScopes\{4869887B-18B6-4360-A362-D83D7786FC3A}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.0
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.11.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\anaeano\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2013/09/09 15:45:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/01 14:35:51 | 000,000,000 | ---D | M]
[2010/01/31 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Extensions
[2013/09/29 21:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions
[2013/05/28 20:13:13 | 000,000,000 | ---D | M] (Guardiao Itau Unibanco) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2013/07/12 15:33:10 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\donottrackplus@abine.com
[2013/09/27 15:35:12 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\anaeano\AppData\Roaming\mozilla\Firefox\Profiles\rz6dwnof.default\extensions\idme@abine.com
[2013/07/23 19:25:34 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2013/07/30 21:03:26 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\anaeano\AppData\Roaming\mozilla\firefox\profiles\rz6dwnof.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2013/10/01 14:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/01 14:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/10/01 14:35:57 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/09 15:45:56 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\ANAEANO\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
[2013/02/12 01:33:44 | 001,904,472 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
O1 HOSTS File: ([2013/10/03 15:20:13 | 000,449,438 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15429 more lines...
O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Arquivos de Programas\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDFPrint] C:\Arquivos de Programas\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EB143E-8F5A-41A7-B3A9-2827929C5192}: DhcpNameServer = 200.204.0.10 200.204.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Arquivos de Programas\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/07 16:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\RogueKiller
[2013/10/07 16:35:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/07 16:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Junkware Removal Tool
[2013/10/07 16:27:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/07 16:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Security check
[2013/10/04 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\aswMBR
[2013/10/04 16:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\OTL
[2013/10/01 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/29 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\anaeano\dwhelper
[2013/09/29 21:20:06 | 000,000,000 | ---D | C] -- C:\Users\anaeano\Local Settings
[2013/09/26 12:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/26 12:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/26 12:02:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/26 12:02:39 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/25 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/25 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/25 17:31:42 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/09/25 17:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/23 20:21:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/09/20 17:25:19 | 000,000,000 | ---D | C] -- C:\Users\anaeano\AppData\Roaming\vlc
[2013/09/13 21:28:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/13 21:28:20 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/13 21:28:20 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/13 21:28:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/13 21:28:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/13 21:28:18 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/13 21:28:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/13 21:28:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/13 21:28:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/13 21:28:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/13 13:54:56 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/13 13:54:55 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/13 13:54:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/13 13:54:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/13 13:54:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/13 13:54:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/13 13:54:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/13 13:54:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/13 13:54:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/13 13:54:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/13 13:54:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/13 13:54:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/13 13:54:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/13 13:54:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/13 13:54:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/12 13:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
========== Files - Modified Within 30 Days ==========
[2013/10/09 11:29:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 11:29:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 11:27:58 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/09 11:27:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/09 11:21:41 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/10/09 11:21:31 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\System32\drivers\GbpNdisrd.sys
[2013/10/09 11:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/09 11:21:23 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/08 16:51:30 | 000,076,649 | ---- | M] () -- C:\Users\anaeano\Desktop\certidão de Quitação Eleitoral- Adriano.pdf
[2013/10/04 16:22:31 | 000,673,162 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/10/04 16:22:31 | 000,624,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/04 16:22:31 | 000,131,290 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/10/04 16:22:31 | 000,109,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/03 15:20:13 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/02 15:39:55 | 000,003,729 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/10/02 15:39:28 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/09/30 09:44:54 | 000,368,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/27 16:11:15 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20131003-152013.backup
[2013/09/26 12:02:31 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/09/26 12:02:30 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/09/26 12:02:30 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/09/26 12:02:30 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/09/26 12:02:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/09/25 18:01:09 | 000,449,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130927-161115.backup
[2013/09/20 16:33:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/20 16:33:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/16 19:31:21 | 000,012,288 | ---- | M] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
========== Files Created - No Company Name ==========
[2013/10/08 16:51:50 | 000,076,649 | ---- | C] () -- C:\Users\anaeano\Desktop\certidão de Quitação Eleitoral- Adriano.pdf
[2013/09/30 09:44:37 | 000,368,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/25 17:31:50 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/10 16:35:18 | 000,720,082 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.exe
[2013/06/26 19:43:41 | 000,003,729 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/25 22:06:50 | 000,029,020 | ---- | C] () -- C:\Users\anaeano\AppData\Roaming\unins000.dat
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.jpg
[2013/05/09 15:47:31 | 000,000,000 | ---- | C] () -- C:\Program Files\SysTools Outlook PST ViewerArchiving.C
[2013/03/29 18:31:01 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2011/07/18 07:02:51 | 000,000,000 | ---- | C] () -- C:\Users\anaeano\AppData\Local\{1AE04D38-2B6D-464E-AEBE-CE14B7E98C7D}
[2011/03/12 16:20:14 | 000,012,288 | ---- | C] () -- C:\Users\anaeano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/09 21:51:19 | 000,000,600 | ---- | C] () -- C:\Users\anaeano\PUTTY.RND
[2010/03/26 13:27:02 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/31 21:30:24 | 000,007,597 | ---- | C] () -- C:\Users\anaeano\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 208 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:19C2A9A4_Bb.gbp
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
Adriano Cruz
2013-10-09, 17:43
OTL Extras logfile created on: 09/10/2013 11:35:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files\OTL
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,34% Memory free
3,98 Gb Paging File | 2,79 Gb Available in Paging File | 70,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 243,98 Gb Free Space | 84,62% Space Free | Partition Type: NTFS
Computer Name: ANAEANO-PC | User Name: anaeano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012E8031-7144-46A4-B049-AB3B3FDC3CFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{04A9D2B6-C854-4B07-9883-6DE9BB6AAB26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1126F98D-0964-482B-97E9-7F3C401C7DC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{15AD5EFC-EFB6-4D40-83F0-3D99E1A44A82}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CA10901-46BB-49E0-B8A4-86B8CB7A0EC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{746A0C57-0C83-4D67-B11C-7A86694C4785}" = lport=138 | protocol=17 | dir=in | app=system |
"{8471C675-6DC8-4AA5-A416-501B8A741486}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E012FD6-DC6B-4D25-AB44-57029A62C8A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{9EE2C044-2AD6-4019-93A6-08D0B79D99D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE96FB60-8FCE-4D0B-A356-D884DD4FDFA4}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE75854B-B99A-4D55-B3A6-C781EB156C23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C14D3FCD-E7F2-4253-83BA-0A57373E5A52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA8BA78E-AA3A-4A1E-9534-9DCC02C98F6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCEB6C29-D344-46CA-A0EC-66D18652E722}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDC8757C-5B69-4B57-8600-281274B3FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FCBEA455-58C3-41BC-8B53-8C9797937ABC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AC1207-CDEB-46F0-9E10-AF556C2E60F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1728057D-4C61-4E9F-A259-0A809CAB0A3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{1C8DFE47-8A42-4FFF-AEAF-7F9374CAADDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25BA88ED-995E-4034-9E73-14C50C9F5C23}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{27DCA6D6-7D07-4956-B21E-33ED3CA9C295}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{347E3C2C-9995-4541-A5C7-5A0E830990AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{355C16FA-7BA7-42DA-A1E8-1D8DD4B82A60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4190BE0A-68D2-45C0-8A03-4F03D2A17CB2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{43F20C69-B04A-47A2-BA22-CFDC8F8515F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49C031E9-89C7-4C66-AB86-3D7755763E5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{64825EA7-6ADE-4B88-9B4B-4ABA8F268696}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{68448CBC-3D7C-473C-9119-D919E10D3624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{89AA7339-F6F0-4DC0-BFAC-798B85EA6C3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98DE85DB-B481-452D-864E-47028D0A9FB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{AE8C3F42-994D-47F2-9CE0-C02AD814279E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{BC9A260A-887A-4D38-AA5F-7194F719C267}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{BCA2B3A9-8050-4E02-94EB-00A0AD58D2C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{CB66A313-251B-4315-A202-46A1660FE26F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CE8F6EF6-5872-4D1F-8143-5105DD1CBBF2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{DD6FD93E-94F9-4585-A1AA-25A8DE148CBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{DD8414ED-3FEE-4314-9055-A5DACB3D12FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E18D9D3B-67AE-4400-A719-26BE64A29928}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{E338D381-D763-4CB7-8ED2-9D9996423FC6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ED0DC637-B8AE-4C3B-8369-574BAD74FE68}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"TCP Query User{10CEAFE8-652E-4B3A-8DC8-B929CC06FED0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{56095BFA-9EDD-4741-A187-34CA9B851705}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{EC243B45-7D2C-43F8-B988-74487D13BAAA}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F4F02E18-43B5-4CBA-B0DF-01BFE10F4408}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5B86A2B9-BFC0-4B6C-92BC-2CBBEED432D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{9C347BD5-AD13-4294-983F-298F8AAAAAB0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{CF28B3A2-0D24-40CA-A63E-9D9DDA21DB9D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D194D660-96A3-41E9-BE59-46901FF60814}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1" = GBBD Banco do Brasil
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5df13c1b-bef1-4e1d-b581-44ea38f0e276}_is1" = SysTools Outlook PST Viewer v2.0
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.6.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90300416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00AF-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil))
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Português
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}" = Document Express DjVu Plug-in
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"A Bíblia Sagrada Versão Digital 6.7 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.7 Freeware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Do Not Track Me Add-on_is1" = Do Not Track Me Add-on 2.2.8.122
"ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"IRPF2013" = IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"MEPOR" = DIC Michaelis Escolar - Espanhol
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 24.0 (x86 pt-BR)" = Mozilla Firefox 24.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5b0e7647ff8fae74" = IBA Reader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07/10/2013 17:08:34 | Computer Name = anaeano-PC | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Erro no arquivo de manifesto
ou de diretiva c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll",
na linha 2. Sintaxe XMl inválida.
[ System Events ]
Error - 07/10/2013 20:00:30 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5
Error - 08/10/2013 08:54:39 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
Error - 08/10/2013 21:22:02 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5
Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7009
Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão
do serviço Spybot-S&D 2 Scanner Service.
Error - 09/10/2013 10:03:42 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Spybot-S&D 2 Scanner Service devido
ao seguinte erro: %%1053
Error - 09/10/2013 10:03:50 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
Error - 09/10/2013 10:20:24 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou para FailureActions com o seguinte
erro: %%5
Error - 09/10/2013 10:21:54 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço vToolbarUpdater17.0.12 devido ao
seguinte erro: %%2
Error - 09/10/2013 10:21:57 | Computer Name = anaeano-PC | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema
ou de inicialização: vflt
< End of report >
Adriano Cruz
2013-10-09, 19:26
Dakeyras,
After all this work, SB keeps finding and not removing the initial threat:
Description: Somoto.Betterinstaller - Root class
Location: HKLM\SOFTWARE\Classes\sdp
Threat level: 10
Type: registry key
Category: MalwareC
Rule#: B8A7F4F7
In spite of that, my PC is working well.
But I would like to feel secure in using it without the threat that SB has found.
Dakeyras
2013-10-10, 11:13
Hi. :)
In spite of that, my PC is working well.
Good.
SB keeps finding and not removing the initial threat
After running the custom OTL script below(post the log created in your next reply also from the aforementioned custom script), please check for updates with Spybot and run a quick scan and let myself know if still detected please.
Glary Utilities Advice:
Such types of so called tweaking software rarely do any good and actually have the capacity to render a machine little more than a expensive doorstop, my friendly advice is you consider uninstalling the software.
Java Advice:
There has been a recent severe exploitation of this software(still on-going), further information can be read here (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/). The aforementioned article will also explain on how to disable the plugins, though my friendly advice would be to uninstall if you do not use anything Java related.
Myself I no longer have anything Java related installed on my machines.
Custom OTL Script:
Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[CreateRestorePoint]
:OTL
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
[2013/10/09 11:21:41 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp]
:Commands
[EmptyTemp]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Adriano Cruz
2013-10-10, 21:39
Dakeyras,
Forgive my lack of technical knowledge in IT but before running the script in OTL I wonder what this command will do, especially on "bancodobrasil.com.br" and "bb.com.br".
Dakeyras
2013-10-10, 23:18
Hi. :)
Forgive my lack of technical knowledge in IT but before running the script in OTL I wonder what this command will do, especially on "bancodobrasil.com.br" and "bb.com.br".
Not a problem and asking questions is absolutely fine far as I am concerned etc...
Basically no websites should be in the Trusted Zone of Internet Explorer at all in my humble opinion. The reason being the default security settings in the Trusted Zone are set way too low, which makes it unsafe in my book. Plus it should not be necessary for any remote server to have that level of access anyway. Plenty of good and reputable sites become compromised to host malware, advertising networks are renowned for serving malware which can appear on any site. The best policy is to remove anything from the Trusted Zone unless it's absolutely required in order for the site to work and you trust that site implicitly. Though the latter these days is becoming more and more fraught as compared to a good few years back unfortunately.
However the machine is your property after all and if you really want to keep those particular sites in the Trusted Zone, that is your decision and I will respect that and merely run the modified custom script below instead if you so wish.
:Commands
[CreateRestorePoint]
:OTL
IE - HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O9 - Extra 'Tools' menuitem : Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
[2013/10/09 11:21:41 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp]
:Commands
[EmptyTemp]
Adriano Cruz
2013-10-11, 00:25
Dakeyras,
Thank you for replying.
So I will run the former script.
And if necessary, later, I add the mentioned websites in the Trusted Zone again.
Soon, I send the results.
Adriano Cruz
2013-10-11, 00:38
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-3550818114-746151525-2354952759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www14\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bancobrasil.com.br\www2\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3550818114-746151525-2354952759-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bb.com.br\www\ deleted successfully.
C:\Windows\Tasks\GlaryInitialize.job moved successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /release /c >
Configura‡Æo de IP do Windows
Adaptador Ethernet ConexÆo local:
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Endere‡o IPv6 de link local . . . . . . . . : fe80::18b5:2055:2bc2:4001%11
Gateway PadrÆo. . . . . . . . . . . . . . . :
Adaptador de t£nel isatap.MultilaserAP:
Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Adaptador de t£nel ConexÆo Local*:
Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
C:\Program Files\OTL\cmd.bat deleted successfully.
C:\Program Files\OTL\cmd.txt deleted successfully.
< ipconfig /renew /c >
Configura‡Æo de IP do Windows
Adaptador Ethernet ConexÆo local:
Sufixo DNS espec¡fico de conexÆo. . . . . . : MultilaserAP
Endere‡o IPv6 de link local . . . . . . . . : fe80::18b5:2055:2bc2:4001%11
Endere‡o IPv4. . . . . . . . . . . . . . . : 192.168.0.100
M*scara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
Gateway PadrÆo. . . . . . . . . . . . . . . : 192.168.0.1
Adaptador de t£nel isatap.MultilaserAP:
Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Adaptador de t£nel ConexÆo Local*:
Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
C:\Program Files\OTL\cmd.bat deleted successfully.
C:\Program Files\OTL\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Configura‡Æo de IP do Windows
Libera‡Æo do Cache do DNS Resolver bem-sucedida.
C:\Program Files\OTL\cmd.bat deleted successfully.
C:\Program Files\OTL\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Cat*logo Winsock redefinido com ˆxito.
Reinicie o computador para concluir a redefini‡Æo.
C:\Program Files\OTL\cmd.bat deleted successfully.
C:\Program Files\OTL\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Redefinindo Global, OK!
Redefinindo Interface, OK!
Redefinindo Endere‡o Unicast, OK!
Reinicie o computador para concluir esta a‡Æo.
C:\Program Files\OTL\cmd.bat deleted successfully.
C:\Program Files\OTL\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Program Files\OTL\cmd.bat deleted successfully.
C:\Program Files\OTL\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Program Files\OTL\cmd.bat deleted successfully.
C:\Program Files\OTL\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: anaeano
->Temp folder emptied: 13704547 bytes
->Temporary Internet Files folder emptied: 359935 bytes
->Java cache emptied: 9291 bytes
->FireFox cache emptied: 53105431 bytes
->Flash cache emptied: 506 bytes
User: Convidado
->Temp folder emptied: 70291 bytes
->Temporary Internet Files folder emptied: 432436 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 582 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Todos os Usuários
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41902084 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 105,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10102013_182807
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Adriano Cruz
2013-10-11, 01:15
Well, now SB doest not detected that threat!!!!
I guess the work is done.
Feel free to make any comments more or leave some advice for the security of my PC.
I do thank you and Robybell for helping me.
Besides helpful, you were very polite too.
Dakeyras
2013-10-11, 10:15
Hi. :)
I do thank you and Robybell for helping me.
Besides helpful, you were very polite too.
On behalf of us both you are most welcome and thank you for the compliment also.
Well, now SB doest not detected that threat!!!!
I guess the work is done.
Feel free to make any comments more or leave some advice for the security of my PC.
Good and congratulations your computer appears to be malware free!
Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.
Importance of Regular System Maintenance:
I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.
Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Also so is this:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
Uninstall AdwCleaner:
Right-click on AdwCleaner.exe and select Run as Administrator to start the program.
Click on Uninstall >> Yes, this will remove the application and its log(s).
Clean up with OTL:
Right-click OTL and select Run as Administrator to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.
Any left over merely delete yourself and empty the Recycle Bin.
Reset the System Restore points:
Create a new, clean System Restore point:-
Right click on Computer and select Properties >> System protection >> Create....
Give this restore point a descriptive name and click Create.
When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!
Flush Old System Restore points:-
Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
Select the system drive, C >> OK.
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Click on Clean up system files >> Select the system drive, C >> OK.
Now click on the More Options tab.
Under:-
System Restore and Shadow Copies
Click on Clean up... >> Delete >> OK >> Delete Files.
Now some advice for on-line safety:
The below articles are worth reading and bookmarking for future reference:-
Computer Security - a short guide to staying safer online (http://malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
Securing Your Web Browser (http://www.cert.org/tech_tips/securing_browser/)
So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?279-So-how-did-I-get-infected-in-the-first-place)
Next:
Any questions ? Feel free to ask, if not stay safe!
Adriano Cruz
2013-10-12, 00:14
Well, Dakeyras, I have no more questions for now.
Thank for the tips! :bigthumb:
All the best!!
Dakeyras
2013-10-12, 01:00
Acknowledged and likewise. :)
Dakeyras
2013-10-13, 18:12
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)